IT and Cybersecurity Risk Manager

Role Profile

Within the Risk & Compliance department, a team of more than 40 talented professionals in Risk, Business Continuity Management, Internal Control and Compliance, spread across our various geographies, is ensuring to preserve the value assets and reputation of the company. Identifying and assessing risks, implementing mitigation actions, informing and raising staff and business awareness, monitoring and ensuring compliance with the appropriate regulations are the core activities embedded in our team.

In this department, Group Resilience, Operational and Technology Risk team is covering the second line of defense function on Risk for IT, Cybersecurity, Human Resources, Procurement and other transversal departments, as well as maintaining the appropriate ICT Risk Management and Digital Operational Resilience maturity in the group. The stakeholders are located in all Euronext entities (Paris, Porto, Milan, Oslo, New York, Dublin, Copenhagen…).

Working as IT & Cyber Risk officer, the successful candidate will be engaged in all areas of the business part of Euronext group and will mainly focus in IT and Cybersecurity resilience across the Group.

He/She will support the Risk team in the monitoring and deployment of the ICT Risk Management Framework as well as the Digital Operational Resilience Strategy (DORS - in line with DORA regulation). The candidate  will work closely with Euronext Risk Management community, and IT and Cybersecurity teams to insure good level of ICT risk management toward the organisation and its entities.

Key Accountabilities

ICT Risk Management

• Collaborate with internal stakeholders to identify, assess, and monitor ICT risks, ensuring alignment with company policies and regulatory frameworks (e.g., DORA, ISO 27001).
• Assist in conducting ICT asset risk assessments, including the evaluation of criticality, exposure, and dependency risks.
• Support the creation and maintenance of ICT risk registers and dashboards, ensuring accurate documentation and reporting.
• Contribute to the development and enhancement of ICT risk mitigation strategies and action plans.
• Participate in change management and project management Risk oversight
• Participate to LOD2 review on Third Party Risk assessment
• Participate to development of Operational Risk Indicators

IT and Cybersecurity monitoring support

• Assist in reviewing IT and cybersecurity measures to safeguard ICT assets and operations.
• Contribute to the development of ICT Risk awareness programs and training initiatives.

Reporting

• Support ICT risk and resilience initiatives, ensuring tasks are well-coordinated and deadlines are met.
• Prepare summaries and presentations for ICT risk management activities to share with senior stakeholders.
• Contribute to periodic reporting on ICT risk posture, incidents, and key metrics.

Required Skills & Experience

Education and Experience

• Minimum 3 years of higher education in IT, cybersecurity, or risk management, or equivalent experience.
• Entry-level knowledge of IT systems, cybersecurity concepts, and risk management frameworks.
• Familiarity with standards and best practices such as ISO 27001, NIST, CIS
• Understanding of financial regulation (e.g., MIFID, DORA, NIS 2) is a plus.

Skills and Competencies

• Fluent in English (daily use); French is a nice-to-have.
• Strong analytical and problem-solving skills.
• Autonomy, proactivity, and ability to summarize complex information.
• Excellent communication skills, both written and verbal.

We are proud to be an equal opportunity employer. We do not discriminate against individuals on the basis of race, gender, age, citizenship, religion, sexual orientation, gender identity or expression, disability, or any other legally protected factor. We value the unique talents of all our people, who come from diverse backgrounds with different personal experiences and points of view and we are committed to providing an environment of mutual respect.

This job description is only describing the main activities within a certain role and is not exhaustive. It does not prevent to add more tasks, projects.